From owner-freebsd-security Tue Aug 21 4:43:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101]) by hub.freebsd.org (Postfix) with ESMTP id F17DF37B406 for ; Tue, 21 Aug 2001 04:43:31 -0700 (PDT) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by breg.mc.mpls.visi.com (Postfix) with ESMTP id 3F7E72D0693 for ; Tue, 21 Aug 2001 06:43:31 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id f7LBhUf24739 for freebsd-security@freebsd.org; Tue, 21 Aug 2001 06:43:30 -0500 (CDT) (envelope-from hawkeyd) Date: Tue, 21 Aug 2001 06:43:30 -0500 From: D J Hawkey Jr To: security at FreeBSD Subject: Re: ipf / ipfw Which to use? Message-ID: <20010821064330.A24713@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 21 Aug 2001 11:01:40 +0000, roam@ringlet.net wrote: > > On Tue, Aug 21, 2001 at 05:55:44AM -0500, D J Hawkey Jr wrote: > > > > On 21 Aug 2001 09:42:18 +0000, wkb@freebie.xs4all.nl wrote: > > > > > > Largely it is a matter of taste. Ipfilter is multiplatform, ipfw is > > > FreeBSD-only. You can also combine the 2 (e.g. if you want IPfilter and > > > dummynet at the same time). > > > > It's also a matter of efficiency; ipfilter does it all in the kernel, as > > opposed to the packets having to go to userland and back for 'ipfw' to > > play with them. > > ipfw does not process packets in userland. > > natd, as used with ipfw, processes NAT'd (diverted) packets in userland. > ipnat, as used with ipfilter, processes NAT'd (diverted) packets in > the kernel. I stand corrected. Thanks. > G'luck, > Peter You too, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message